Red Hat RHSA-2010:0758
History: Oct 07, 2010 - 12:00 a.m.

(RHSA-2010:0758) Important: kernel-rt security and bug fix update

2010-10-07 00:00:00
access.redhat.com

EPSS: 0.002 (Low), percentile 52.8%

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

  • The compat_alloc_user_space() function in the Linux kernel 32/64-bit
    compatibility layer implementation was missing sanity checks. This function
    could be abused in other areas of the Linux kernel if its length argument
    can be controlled from user-space. On 64-bit systems, a local, unprivileged
    user could use this flaw to escalate their privileges. (CVE-2010-3081,
    Important)

  • A missing upper bound integer check was found in the sys_io_submit()
    function in the Linux kernel asynchronous I/O implementation. A local,
    unprivileged user could use this flaw to cause an information leak.
    (CVE-2010-3067, Low)
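
Why an upper bound on a user-supplied element count matters before a range check, as a user-space model. This is an added example, not code from Red Hat or the kernel; the function names, the 8-byte element size and MODEL_USER_LIMIT are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the top of the user address range (assumption). */
#define MODEL_USER_LIMIT ((uint64_t)1 << 47)

/* Range check in the style of a user-pointer check: is [addr, addr+len) in range? */
int model_range_ok(uint64_t addr, uint64_t len)
{
    return len <= MODEL_USER_LIMIT && addr <= MODEL_USER_LIMIT - len;
}

/* No upper bound on nr: nr * elem_size wraps modulo 2^64, so an
 * enormous count can be validated as a tiny (even empty) range. */
int submit_check_unbounded(uint64_t array, int64_t nr, size_t elem_size)
{
    if (nr < 0)
        return 0;
    return model_range_ok(array, (uint64_t)nr * elem_size);
}

/* With the bound: reject any count whose byte length cannot be represented,
 * then validate the range using the now-exact product. */
int submit_check_bounded(uint64_t array, int64_t nr, size_t elem_size)
{
    if (nr < 0 || elem_size == 0)
        return 0;
    if ((uint64_t)nr > (uint64_t)INT64_MAX / elem_size)
        return 0;
    return model_range_ok(array, (uint64_t)nr * elem_size);
}

int main(void)
{
    uint64_t array = 0x1000;            /* constructed sample address */
    int64_t huge = INT64_C(1) << 61;    /* 2^61 elements * 8 bytes == 2^64 */

    printf("unbounded, huge count: %d\n", submit_check_unbounded(array, huge, 8));
    printf("bounded,   huge count: %d\n", submit_check_bounded(array, huge, 8));
    printf("bounded,   16 entries: %d\n", submit_check_bounded(array, 16, 8));
    return 0;
}
```

The unbounded variant accepts the huge count because the computed length wraps to zero; the bounded variant rejects it before the multiplication is used.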

Red Hat would like to thank Ben Hawkes for reporting CVE-2010-3081, and
Tavis Ormandy for reporting CVE-2010-3067.

This update also fixes the following bugs:

  • The RHSA-2010:0631 kernel-rt update resolved an issue (CVE-2010-2240)
    where an application's stack overflow could silently overwrite another
    memory-mapped area instead of causing a segmentation fault. This update
    implements the official upstream fixes for that issue. Note: This is
    not a security regression. The original fix was complete. (BZ#624604)

  • In certain circumstances, under heavy load, certain network interface
    cards using the bnx2 driver and configured to use MSI-X could stop
    processing interrupts, after which network connectivity would cease.
    (BZ#622952)

  • This update upgrades the tg3 driver to version 3.110. (BZ#640334)

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. The system must be rebooted for
this update to take effect.